From f0978ae102743d0bc771a40b4444aaa285fbcbb8 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Wed, 4 Sep 2024 23:10:42 +0100 Subject: [PATCH] caddy: update to unstable The default config for automatic ACME no longer works in Caddy <2.8.0. This is due to changes with ZeroSSL's auth. Update to unstable Caddy which is new enough to renew certs again. Context: https://github.com/caddyserver/caddy/releases/tag/v2.8.0 Add `pkgs.unstable` as an overlay as recommended on the NixOS wiki. This is needed here as Caddy must be runnable on all architectures. --- flake.nix | 1 + hosts/sodium.pop.ts.hillion.co.uk/default.nix | 2 +- modules/impermanence.nix | 1 + modules/resilio.nix | 2 +- modules/services/gitea/gitea.nix | 4 ++-- modules/www/global.nix | 5 +++++ 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 727fa34..f193502 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,7 @@ fqdns = builtins.attrNames (builtins.readDir ./hosts); getSystemOverlays = system: nixpkgsConfig: [ (final: prev: { + unstable = nixpkgs-unstable.legacyPackages.${prev.system}; "storj" = final.callPackage ./pkgs/storj.nix { }; }) ]; diff --git a/hosts/sodium.pop.ts.hillion.co.uk/default.nix b/hosts/sodium.pop.ts.hillion.co.uk/default.nix index 15b8a0a..145f84c 100644 --- a/hosts/sodium.pop.ts.hillion.co.uk/default.nix +++ b/hosts/sodium.pop.ts.hillion.co.uk/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, nixpkgs-unstable, lib, nixos-hardware, ... }: +{ config, pkgs, lib, nixos-hardware, ... }: { imports = [ diff --git a/modules/impermanence.nix b/modules/impermanence.nix index 84e468d..ba1b599 100644 --- a/modules/impermanence.nix +++ b/modules/impermanence.nix 
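Review bot: `nixpkgs-unstable.legacyPackages.${prev.system}` in the added overlay line evaluates the unstable set with nixpkgs' default config, so whatever is passed as `nixpkgsConfig` (the second argument of `getSystemOverlays`) and the other overlays presumably do not apply to `pkgs.unstable.*`. If the stable set relies on that config, for example an unfree allow-list, packages taken from `pkgs.unstable` are evaluated under different rules than the rest of the system. Consider `unstable = import nixpkgs-unstable { inherit system; config = nixpkgsConfig; };`, or add a comment saying the unstable set is deliberately left unconfigured. How `nixpkgsConfig` is consumed is outside this hunk, so confirm against the caller.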
@@ -60,6 +60,7 @@ in (lib.lists.optional config.custom.services.unifi.enable "/var/lib/unifi") ++ (lib.lists.optional (config.virtualisation.oci-containers.containers != { }) "/var/lib/containers") ++ (lib.lists.optional config.services.tang.enable "/var/lib/private/tang") ++ + (lib.lists.optional config.services.caddy.enable "/var/lib/caddy") ++ (lib.lists.optional config.services.step-ca.enable "/var/lib/step-ca/db"); }; } diff --git a/modules/resilio.nix b/modules/resilio.nix index 170db9e..c424358 100644 --- a/modules/resilio.nix +++ b/modules/resilio.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, nixpkgs-unstable, ... }: +{ pkgs, lib, config, ... }: let cfg = config.custom.resilio; diff --git a/modules/services/gitea/gitea.nix b/modules/services/gitea/gitea.nix index c468972..d924a54 100644 --- a/modules/services/gitea/gitea.nix +++ b/modules/services/gitea/gitea.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, nixpkgs-unstable, ... }: +{ config, pkgs, lib, ... }: let cfg = config.custom.services.gitea; @@ -55,7 +55,7 @@ in services.gitea = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.gitea; + package = pkgs.unstable.gitea; mailerPasswordFile = config.age.secrets."gitea/mailer_password".path; appName = "Hillion Gitea"; diff --git a/modules/www/global.nix b/modules/www/global.nix index 38befff..1b1b367 100644 --- a/modules/www/global.nix +++ b/modules/www/global.nix @@ -33,6 +33,11 @@ in services.caddy = { enable = true; + package = pkgs.unstable.caddy; + + globalConfig = '' + email acme@hillion.co.uk + ''; virtualHosts = { "hillion.co.uk".extraConfig = ''
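Review bot: The added `/var/lib/caddy` entry persists Caddy's data directory, where Caddy keeps its ACME account key and the private keys of issued certificates, yet it is a bare path like its neighbours. Ownership and mode of the persistent copy are therefore left to the persistence module's defaults. If this list feeds impermanence's `directories` option (the consumer is outside the hunk), an entry such as `{ directory = "/var/lib/caddy"; user = "caddy"; group = "caddy"; mode = "0700"; }` would pin the permissions explicitly. Also confirm that backups and snapshots of the persistent volume are handled appropriately for key material.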
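Review bot: `package = pkgs.unstable.caddy;` moves the public-facing web server onto the unstable channel, and the reason is recorded only in the commit message: stable Caddy older than 2.8.0 can no longer renew through the default ACME setup. A comment on that line, e.g. `# unstable until stable nixpkgs ships caddy >= 2.8.0 (ACME renewal); drop this override afterwards`, would keep the override from outliving its purpose. The `services.caddy` block continues past the end of the hunk.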